Protecting your backup files from ransomware - Fred Langa
My wildest guess is to be eternally vigilant, often checking folders and files from time to time, making sure such are usable and untouched. Now, those using anti-ransomware simply have added an ally to their vigilance.

What about protection by the new Bitdefender program released on March 29? Bitdefender Anti-Ransomware is a new product by security company Bitdefender to protect Windows PCs against several ransomware families. Thank you. https://labs.bitdefender.com/2016/03...cine-released/

"no longer any reason" - Really?

Fred Langa, who by the way I highly respect, writes in his article "Protecting your backup files from ransomware / Win10 file-management best practice?"
I quote:

In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.

"... any reason ..."? I beg to differ.

I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive:

Fairly early after SSDs had become available I decided to have my system and programs on an SSD drive and my now 230+GB of pure data on a conventional separate HDD. That decision was forced on me by the fact that back then I simply could not afford more than an SSD larger than 250GB capacity.

This setup has so far served me very well and I see absolutely no reason to change it, at least not as long as the current computer keeps chugging along as nicely as it does.

BTW should anybody be interested at all:
C: still holds C:\Users\ and C:\Program Data\.
The internally mounted data drive E: holds all standard Windows data folders PLUS the data folders for backing up my utilities flash drive(s) and about 3GB(!) data folders of my Thunderbird email client. As of today I have a total of 226GB of data on E:.

I beg to issue a warning:

What about protection by the new Bitdefender program released on March 29? Bitdefender Anti-Ransomware is a new product by security company Bitdefender

Quote from Bitdefender's blog post about just that new tool, comments section, Bitdefender replying to a comment question:

Razvan Stoica says:
March 31, 2016 at 3:28 pm

It’s a vaccine, but it can (and probably will) be updated against new strains, hence the need to run at startup. It does not monitor behavior, it just uses some tricks to prevent those specific families of ransomware from infecting your system.
The software is provided AS-IS, without any implied or explicit guarantees. Redistribution is permitted.

That tells me that they will have to play the usual whack-a-mole game with new strains of or techniques in ransomware. YMMV but I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combination of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.

Regarding "Win10 file-management best practice", what are your thoughts about moving user files to another internal hard drive when using a small (256GB or less) SSD for the Windows 10 system files? Thanks.

Fred Langa, who by the way I highly respect, writes in his article "Protecting your backup files from ransomware / Win10 file-management best practice?"
I quote:

In short: Even though Windows still allows you to separate the OS and your user files, there’s really no longer any reason to do so.

"... any reason ..."? I beg to differ.

I know YMMV! Here is my personal reason to have data not only in a separate partition but even on a separate distinct disk drive...

I'm with eikelein here! I have ~1 TB of images in my Pictures folder. With a system that contains 500GB of SSD and 4TB of SSHD storage, Fred's advice doesn't work well for me. On the other hand, moving the Users folder to SSHD drives works quite well. I recognize that the danger of ransomware is still there, and wonder how to manage protection in a continuous backup scenario? Fred, what's your advice for this configuration?

Quote from Bitdefender's blog post about just that new tool, comments section, Bitdefender replying to a comment question:
Razvan Stoica says:
March 31, 2016 at 3:28 pm

That tells me that they will have to play the usual whack-a-mole game with new strains of or techniques in ransomware. YMMV but I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combination of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.

eikelein, I, too, am worried about ransomware. Do you have CryptoPrevent active at the same time as Windows Defender, BitDefender, or any other anti-virus program?
thanks.
radar

........I prefer a permanently running behavioral watchdog like CryptoPrevent. I just believe that the combination of registry surveillance AND behavior checker/blocker has a better chance at catching zero-day behavior than a purely reactive kind of program and/or signature update alone.

I have been using CryptoPrevent for a long time and have several licensed copies. CryptoPrevent may NOT do everything you attribute to it.

My understanding of CryptoPrevent is that basically it uses Windows Group Restriction Policies to disable many of the infection methods used by current ransomware; things like running executable files from various data directories, allowing you to run things like "filename.pdf.exe", etc. I do not believe it has any "active" behavioral monitoring or registry surveillance.

In answer to @radar's question about using CryptoPrevent alongside other products, I have seen no conflicts with MalwareBytes, Emsisoft, Kaspersky, ZoneAlarm, etc. (across several different machines). I believe this is due to the fact that it simply sets a bunch of "Group Policy" rules in the registry to disable much of the "bad behaviour" of current ransomware and then is done. It leaves nothing actively running.

Of course, the new version of CryptoPrevent may add additional prevention strategies.
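
One way to check what policy rules are actually present on a machine, as an added example that is not part of the post above and not CryptoPrevent's own code. It assumes the rules are stored as Software Restriction Policy path rules under the standard machine-wide policy key; it only reads the registry and changes nothing.

```powershell
# Added example: read-only listing of Software Restriction Policy path rules.
# Assumption: the rules live under the standard machine-wide SRP policy key.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security level IDs that appear as subkey names under the SRP key.
$LevelNames = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    if (-not (Test-Path $SrpRoot)) { return }            # no SRP configured at all
    foreach ($level in Get-ChildItem -Path $SrpRoot) {
        $pathsKey = "$($level.PSPath)\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            # Read the raw value so %AppData%-style variables stay visible.
            $raw = $rule.GetValue('ItemData', '',
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            # Rough classification into the two rule types the post mentions.
            $kind = if ($raw -match '\.[A-Za-z0-9]{2,4}\.(exe|scr|com|pif|bat|cmd)$') {
                        'double extension'
                    } elseif ($raw -match '%(AppData|LocalAppData|Temp|UserProfile)%') {
                        'user data directory'
                    } else { 'other' }
            $id = $level.PSChildName
            [pscustomobject]@{
                Level       = if ($LevelNames.ContainsKey($id)) { $LevelNames[$id] } else { $id }
                Kind        = $kind
                Rule        = $raw
                Description = $rule.GetValue('Description', '')
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
if ($rules.Count -eq 0) {
    'No SRP path rules found under the machine policy key.'
} else {
    $rules | Sort-Object Level, Kind | Format-Table -AutoSize -Wrap
}
```

Running it before and after installing or updating such a tool shows which rules it added.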


Regarding "Win10 file-management best practice", what are your thoughts about moving user files to another internal hard drive when using a small (256GB or less) SSD for the Windows 10 system files? Thanks.

Keep your normal data on the SSD and move things like music and video - files that don't change but are large - to another disk, is what I do.

Myself, I also still keep data and the OS/Programs on distinct drives.
Firstly, for reasons like eikelein outlined - an SSD for what needs to be fast and a data drive for the volume.

Secondly, for backup reasons. Having your files inside an imaging container does you 0 good if your system is down. While such events have indeed become rare, they are not 0. If my system is down, I don't want to wait until it's semi-functional to get work done.

I'm a little surprised at Fred's change on this front as he used to recommend software that would allow accessing files even from DOS. He's very particular about layers of backup and protection and yet leaves this gap in accessibility in the event of real trouble.

Personally, I don't like how Microsoft organizes User files and too many programs dump their own folders in there. I leave all that stuff on the C drive and have my own familiar folder structure on the Data drive. Doing it the Microsoft way does give you some minor advantages in using their software but I'm not much of a fan of that either. I don't use a Mac because you have to do it the Mac way in Mac world but Windows seems to be drifting that way too.

I understand Paul T's suggestion but I've never found organizing files by size all that useful. I'd rather have all my music together, and so forth.

I have Windows 10 and all program installations on my SSD (C:) and my My Documents folder on E: (2 TB HDD) (with pictures and music).

I use Karen's Tools, from 2002, for my backup, precisely for the same reason as DavidFB. I like my backup files to be accessible in DOS (i.e., not stored in some proprietary all-in-one format). And, I don't trust zip files, long term storage, as I've lost too many file collections to zip files somehow getting corrupted.

One option if you have a separate internal disk for backups and "manually" back up to it: Using diskmgmt.msc in an administrator's command prompt window, set the disk offline between backups. A bit more work but it makes the disk invisible to Win so hopefully ransomware won't see it either.
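
The offline-between-backups routine described above can be scripted with the built-in Storage cmdlets instead of clicking through diskmgmt.msc. This is an added example, not part of the original post; the disk serial number, source path and destination folder are placeholders to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example. The three values below are placeholders (assumptions).
$BackupDiskSerial = 'PLACEHOLDER-SERIAL'  # see: Get-Disk | Select Number, FriendlyName, SerialNumber
$Source           = 'E:\'                 # data drive to back up
$DestFolder       = 'Backup'              # top-level folder on the backup volume

# Select the disk by serial number; disk numbers can change between boots.
$disk = @(Get-Disk | Where-Object { $_.SerialNumber -and $_.SerialNumber.Trim() -eq $BackupDiskSerial })
if ($disk.Count -ne 1) { throw "Expected exactly one disk with serial '$BackupDiskSerial'." }
$disk = $disk[0]
if ($disk.IsBoot -or $disk.IsSystem) { throw 'Refusing to toggle the boot/system disk.' }

try {
    # Bring the disk online and writable only for the duration of the copy.
    Set-Disk -Number $disk.Number -IsOffline $false
    Set-Disk -Number $disk.Number -IsReadOnly $false

    $part = Get-Partition -DiskNumber $disk.Number |
        Where-Object { $_.DriveLetter -match '[A-Za-z]' } |
        Select-Object -First 1
    if (-not $part) { throw 'Backup disk has no volume with a drive letter.' }

    # One dated folder per run, so a run never overwrites an earlier copy.
    $dest = '{0}:\{1}\{2}' -f $part.DriveLetter, $DestFolder, (Get-Date -Format 'yyyy-MM-dd')

    # Plain file copy (no container format); /XJ skips junctions.
    robocopy $Source $dest /E /XJ /R:1 /W:1 /NP "/LOG:$env:TEMP\backup-robocopy.log"
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)." }
}
finally {
    # Always take the disk offline again, even if the copy failed.
    Set-Disk -Number $disk.Number -IsOffline $true
    Get-Disk -Number $disk.Number | Select-Object Number, FriendlyName, OperationalStatus
}
```

The disk is visible to everything on the machine while the copy runs, and any process with administrator rights can bring it online on its own, so this narrows the exposure window rather than closing it.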